Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: Re: [ActiveDir] [OT] Need help with Server sizing for AD MS certificate Services
Prev Next
You are not authorized to post a reply.

AuthorMessages
fhartonoUser is Offline

Posts:27

09/01/2010 12:34 PM  
If its just a normal auto enrollment, I'd also vote for vm, as the
pain on migrating CA for hardware refresh is err painful.

Of course if its those ocsp responders and the environment is heavy on
those side it probbly requires more?

On 9/1/10, Steven Griffiths <servernet1997@hotmail.com> wrote:
>
> Agree with all the previous posters. I've recently deployed a certificate
> services solution using VMware that issues certificates to several thousand
> computers and performance is not a problem.
>
>
>
> Keep in mind that once a certificate has been issued, the subscriber won't
> talk to the CA again until the certificate needs renewing, which could be a
> period measured in years! So after an initial period where certificates are
> issued, there will be long periods where activity will be minimal.
>
>
>
> I assume you'll use the server for HTTP access to the CA certificates and
> CRLs? If you're using 2K8 R2, are your clients recent enough (Vista or
> later, though a 3rd-party OCSP client exists for XP) to also use OCSP for
> validation?
>
>
>
> Why are you considering a clustered solution? The main reason to do so is if
> you are planning to use key recovery. If it is just for availability of the
> CA service and CRL, it is probably easier just to deploy a second server.
>
>
>
> Steve G
>
>
>
>
>
> From: Ken@adOpenStatic.com
> To: activedir@mail.activedir.org
> Subject: RE: [ActiveDir] [OT] Need help with Server sizing for AD MS
> certificate Services
> Date: Tue, 31 Aug 2010 17:01:15 +0000
>
>
>
>
>
>
>
> +1
>
> AD CS is unlikely to put significant load on your environment unless you
> have to issue several thousand certs in one go. But that would probably be
> an irregular event.
>
> That still makes it hard to justify in a proposal or design document.
> However you may be able to simulate in a simple test environment if you need
> performance metrics to justify in a business case or design,
>
> Cheers
> Ken
>
> From: activedir-owner@mail.activedir.org
> [mailto:activedir-owner@mail.activedir.org] On Behalf Of David Loder
> Sent: Tuesday, 31 August 2010 10:41 PM
> To: activedir@mail.activedir.org
> Subject: Re: [ActiveDir] [OT] Need help with Server sizing for AD MS
> certificate Services
>
>
>
>
>
>
> If the hardware meets the minimum requirements for running R2, that scale
> will barely be noticed; unless you try and pulse all the enrollments at once
> and want them all to succeed without retrying later.
>
>
>
> Raw metal is becoming overkill for many infrastructure requirements.
>
>
>
>
>
> -- http://dloder.blogspot.com --
>
> --- On Tue, 8/31/10, Britt, Brian <brian.britt@Vanderbilt.Edu> wrote:
>
>
> From: Britt, Brian <brian.britt@Vanderbilt.Edu>
> Subject: [ActiveDir] [OT] Need help with Server sizing for AD MS certificate
> Services
> To: "activedir@mail.activedir.org" <activedir@mail.activedir.org>
> Date: Tuesday, August 31, 2010, 10:24 AM
>
>
> All:
>
> Does anyone use Microsoft’s AD Certificate Services in their environment? I
> am trying to implement AD CS on 2008 R2 servers in a failover cluster.
> However I cannot find any documentation other than general guidelines for
> 2008 R2 pertaining to HW recommendations. I have the potential of issuing
> several thousand email, Authenticode, and smartcard certificates in my
> environment.
>
> Does anyone know of a document, calculation, etc explaining the sizing of
> a AD CS server? I need to order the hardware ASAP.
> Any help is much appreciated.
>
>


--
Kind Regards,

Freddy Hartono

You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > Re: [ActiveDir] [OT] Need help with Server sizing for AD MS certificate Services



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:MrPTSai
New TodayNew Today:0
New YesterdayNew Yesterday:0
User CountOverall:5234
People OnlinePeople Online:
VisitorsVisitors:33
MembersMembers:0
TotalTotal:33
Online NowOnline Now:

Ads

Copyright 2009 ActiveDir.org
Terms Of Use